Examples with SQLStatement com.alibaba.druid.sql.ast.SQLStatement used on opensource projects

Search in sources :

Example 31 with SQLStatement

use of com.alibaba.druid.sql.ast.SQLStatement in project druid by alibaba.

the class DruidStatService method getSqlStat.

private String getSqlStat(Integer id) {
    Map<String, Object> map = statManagerFacade.getSqlStatData(id);
    if (map == null) {
        return returnJSONResult(RESULT_CODE_ERROR, null);
    }
    String dbType = (String) map.get("DbType");
    String sql = (String) map.get("SQL");
    map.put("formattedSql", SQLUtils.format(sql, dbType));
    List<SQLStatement> statementList = SQLUtils.parseStatements(sql, dbType);
    if (!statementList.isEmpty()) {
        SQLStatement sqlStmt = statementList.get(0);
        SchemaStatVisitor visitor = SQLUtils.createSchemaStatVisitor(dbType);
        sqlStmt.accept(visitor);
        map.put("parsedTable", visitor.getTables().toString());
        map.put("parsedFields", visitor.getColumns().toString());
        map.put("parsedConditions", visitor.getConditions().toString());
        map.put("parsedRelationships", visitor.getRelationships().toString());
        map.put("parsedOrderbycolumns", visitor.getOrderByColumns().toString());
    }
    DateFormat format = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss:SSS");
    Date maxTimespanOccurTime = (Date) map.get("MaxTimespanOccurTime");
    if (maxTimespanOccurTime != null) {
        map.put("MaxTimespanOccurTime", format.format(maxTimespanOccurTime));
    }
    return returnJSONResult(map == null ? RESULT_CODE_ERROR : RESULT_CODE_SUCCESS, map);
}
Also used : SimpleDateFormat(java.text.SimpleDateFormat) DateFormat(java.text.DateFormat) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) SimpleDateFormat(java.text.SimpleDateFormat) SchemaStatVisitor(com.alibaba.druid.sql.visitor.SchemaStatVisitor) Date(java.util.Date)

Example 32 with SQLStatement

use of com.alibaba.druid.sql.ast.SQLStatement in project druid by alibaba.

the class WallVisitorUtils method check.

public static void check(WallVisitor visitor, SQLCommentHint x) {
    if (!visitor.getConfig().isHintAllow()) {
        addViolation(visitor, ErrorCode.EVIL_HINTS, "hint not allow", x);
        return;
    }
    String text = x.getText();
    text = text.trim();
    if (text.startsWith("!")) {
        text = text.substring(1);
    }
    if (text.length() == 0) {
        return;
    }
    int pos = 0;
    for (; pos < text.length(); pos++) {
        char ch = text.charAt(pos);
        if (ch >= '0' && ch <= '9') {
            continue;
        } else {
            break;
        }
    }
    if (pos == 5) {
        text = text.substring(5);
        text = text.trim();
    }
    text = text.toUpperCase();
    boolean isWhite = false;
    for (String hint : whiteHints) {
        if (text.equals(hint)) {
            isWhite = true;
            break;
        }
    }
    if (!isWhite) {
        if (text.startsWith("FORCE INDEX") || text.startsWith("IGNORE INDEX")) {
            isWhite = true;
        }
    }
    if (!isWhite) {
        if (text.startsWith("SET")) {
            SQLStatementParser parser = new MySqlStatementParser(text);
            List<SQLStatement> statementList = parser.parseStatementList();
            if (statementList != null && statementList.size() > 0) {
                SQLStatement statement = statementList.get(0);
                if (statement instanceof SQLSetStatement || statement instanceof MySqlSetCharSetStatement || statement instanceof MySqlSetNamesStatement) {
                    isWhite = true;
                }
            }
        }
    }
    if (!isWhite) {
        addViolation(visitor, ErrorCode.EVIL_HINTS, "hint not allow", x);
    }
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) MySqlSetCharSetStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint)

Example 33 with SQLStatement

use of com.alibaba.druid.sql.ast.SQLStatement in project druid by alibaba.

the class WallVisitorUtils method checkSchema.

private static boolean checkSchema(WallVisitor visitor, SQLExpr x) {
    final WallTopStatementContext topStatementContext = wallTopStatementContextLocal.get();
    if (topStatementContext != null && (topStatementContext.fromSysSchema || topStatementContext.fromSysTable)) {
        return true;
    }
    if (x instanceof SQLName) {
        String owner = ((SQLName) x).getSimpleName();
        owner = WallVisitorUtils.form(owner);
        if (isInTableSource(x) && !visitor.getProvider().checkDenySchema(owner)) {
            if (!isTopStatementWithTableSource(x) && !isFirstSelectTableSource(x) && !isFirstInSubQuery(x)) {
                SQLObject parent = x.getParent();
                while (parent != null && !(parent instanceof SQLStatement)) {
                    parent = parent.getParent();
                }
                boolean sameToTopSelectSchema = false;
                if (parent instanceof SQLSelectStatement) {
                    SQLSelectStatement selectStmt = (SQLSelectStatement) parent;
                    SQLSelectQuery query = selectStmt.getSelect().getQuery();
                    if (query instanceof SQLSelectQueryBlock) {
                        SQLSelectQueryBlock queryBlock = (SQLSelectQueryBlock) query;
                        SQLTableSource from = queryBlock.getFrom();
                        while (from instanceof SQLJoinTableSource) {
                            from = ((SQLJoinTableSource) from).getLeft();
                        }
                        if (from instanceof SQLExprTableSource) {
                            SQLExpr expr = ((SQLExprTableSource) from).getExpr();
                            if (expr instanceof SQLPropertyExpr) {
                                SQLExpr schemaExpr = ((SQLPropertyExpr) expr).getOwner();
                                if (schemaExpr instanceof SQLIdentifierExpr) {
                                    String schema = ((SQLIdentifierExpr) schemaExpr).getName();
                                    schema = form(schema);
                                    if (schema.equalsIgnoreCase(owner)) {
                                        sameToTopSelectSchema = true;
                                    }
                                }
                            }
                        }
                    }
                }
                if (!sameToTopSelectSchema) {
                    addViolation(visitor, ErrorCode.SCHEMA_DENY, "deny schema : " + owner, x);
                }
            } else {
                if (topStatementContext != null) {
                    topStatementContext.setFromSysSchema(Boolean.TRUE);
                    clearViolation(visitor);
                }
            }
            return true;
        }
        if (visitor.getConfig().isDenyObjects(owner)) {
            addViolation(visitor, ErrorCode.OBJECT_DENY, "deny object : " + owner, x);
            return true;
        }
    }
    // if (ownerExpr instanceof SQLPropertyExpr) {
    if (x instanceof SQLPropertyExpr) {
        return checkSchema(visitor, ((SQLPropertyExpr) x).getOwner());
    }
    return true;
}
Also used : SQLObject(com.alibaba.druid.sql.ast.SQLObject) SQLName(com.alibaba.druid.sql.ast.SQLName) SQLIdentifierExpr(com.alibaba.druid.sql.ast.expr.SQLIdentifierExpr) SQLPropertyExpr(com.alibaba.druid.sql.ast.expr.SQLPropertyExpr) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)

Example 34 with SQLStatement

use of com.alibaba.druid.sql.ast.SQLStatement in project druid by alibaba.

the class WallVisitorUtils method preVisitCheck.

public static void preVisitCheck(WallVisitor visitor, SQLObject x) {
    WallConfig config = visitor.getProvider().getConfig();
    if (!(x instanceof SQLStatement)) {
        return;
    }
    boolean allow = false;
    int errorCode;
    String denyMessage;
    if (x instanceof SQLInsertStatement) {
        allow = config.isInsertAllow();
        denyMessage = "insert not allow";
        errorCode = ErrorCode.INSERT_NOT_ALLOW;
    } else if (x instanceof SQLSelectStatement) {
        allow = true;
        denyMessage = "select not allow";
        errorCode = ErrorCode.SELECT_NOT_ALLOW;
    } else if (x instanceof SQLDeleteStatement) {
        allow = config.isDeleteAllow();
        denyMessage = "delete not allow";
        errorCode = ErrorCode.DELETE_NOT_ALLOW;
    } else if (x instanceof SQLUpdateStatement) {
        allow = config.isUpdateAllow();
        denyMessage = "update not allow";
        errorCode = ErrorCode.UPDATE_NOT_ALLOW;
    } else if (x instanceof OracleMultiInsertStatement) {
        allow = true;
        denyMessage = "multi-insert not allow";
        errorCode = ErrorCode.INSERT_NOT_ALLOW;
    } else if (x instanceof SQLMergeStatement) {
        allow = config.isMergeAllow();
        denyMessage = "merge not allow";
        errorCode = ErrorCode.MERGE_NOT_ALLOW;
    } else if (x instanceof SQLCallStatement || x instanceof SQLServerExecStatement) {
        allow = config.isCallAllow();
        denyMessage = "call not allow";
        errorCode = ErrorCode.CALL_NOT_ALLOW;
    } else if (x instanceof SQLTruncateStatement) {
        allow = config.isTruncateAllow();
        denyMessage = "truncate not allow";
        errorCode = ErrorCode.TRUNCATE_NOT_ALLOW;
    } else if (//
    x instanceof SQLCreateTableStatement || //
    x instanceof SQLCreateIndexStatement || //
    x instanceof SQLCreateViewStatement || //
    x instanceof SQLCreateTriggerStatement || //
    x instanceof SQLCreateSequenceStatement) {
        allow = config.isCreateTableAllow();
        denyMessage = "create table not allow";
        errorCode = ErrorCode.CREATE_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLAlterTableStatement) {
        allow = config.isAlterTableAllow();
        denyMessage = "alter table not allow";
        errorCode = ErrorCode.ALTER_TABLE_NOT_ALLOW;
    } else if (//
    x instanceof SQLDropTableStatement || //
    x instanceof SQLDropIndexStatement || //
    x instanceof SQLDropViewStatement || //
    x instanceof SQLDropTriggerStatement || //
    x instanceof SQLDropSequenceStatement || //
    x instanceof SQLDropProcedureStatement) {
        allow = config.isDropTableAllow();
        denyMessage = "drop table not allow";
        errorCode = ErrorCode.DROP_TABLE_NOT_ALLOW;
    } else if (//
    x instanceof MySqlSetCharSetStatement || //
    x instanceof MySqlSetNamesStatement || //
    x instanceof SQLSetStatement || x instanceof SQLServerSetStatement) {
        allow = config.isSetAllow();
        denyMessage = "set not allow";
        errorCode = ErrorCode.SET_NOT_ALLOW;
    } else if (x instanceof MySqlReplaceStatement) {
        allow = config.isReplaceAllow();
        denyMessage = "replace not allow";
        errorCode = ErrorCode.REPLACE_NOT_ALLOW;
    } else if (x instanceof MySqlDescribeStatement) {
        allow = config.isDescribeAllow();
        denyMessage = "describe not allow";
        errorCode = ErrorCode.DESC_NOT_ALLOW;
    } else if (x instanceof MySqlShowStatement || x instanceof PGShowStatement || x instanceof SQLShowTablesStatement) {
        allow = config.isShowAllow();
        denyMessage = "show not allow";
        errorCode = ErrorCode.SHOW_NOT_ALLOW;
    } else if (x instanceof MySqlCommitStatement || x instanceof SQLServerCommitStatement) {
        allow = config.isCommitAllow();
        denyMessage = "commit not allow";
        errorCode = ErrorCode.COMMIT_NOT_ALLOW;
    } else if (x instanceof SQLRollbackStatement) {
        allow = config.isRollbackAllow();
        denyMessage = "rollback not allow";
        errorCode = ErrorCode.ROLLBACK_NOT_ALLOW;
    } else if (x instanceof SQLUseStatement) {
        allow = config.isUseAllow();
        denyMessage = "use not allow";
        errorCode = ErrorCode.USE_NOT_ALLOW;
    } else if (x instanceof MySqlRenameTableStatement) {
        allow = config.isRenameTableAllow();
        denyMessage = "rename table not allow";
        errorCode = ErrorCode.RENAME_TABLE_NOT_ALLOW;
    } else if (x instanceof MySqlHintStatement) {
        allow = config.isHintAllow();
        denyMessage = "hint not allow";
        errorCode = ErrorCode.HINT_NOT_ALLOW;
    } else if (x instanceof MySqlLockTableStatement) {
        allow = config.isLockTableAllow();
        denyMessage = "lock table not allow";
        errorCode = ErrorCode.LOCK_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLStartTransactionStatement) {
        allow = config.isStartTransactionAllow();
        denyMessage = "start transaction not allow";
        errorCode = ErrorCode.START_TRANSACTION_NOT_ALLOW;
    } else if (x instanceof SQLBlockStatement) {
        allow = config.isBlockAllow();
        denyMessage = "block statement not allow";
        errorCode = ErrorCode.BLOCK_NOT_ALLOW;
    } else {
        allow = config.isNoneBaseStatementAllow();
        errorCode = ErrorCode.NONE_BASE_STATEMENT_NOT_ALLOW;
        denyMessage = x.getClass() + " not allow";
    }
    if (!allow) {
        addViolation(visitor, errorCode, denyMessage, x);
    }
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) MySqlDescribeStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDescribeStatement) PGShowStatement(com.alibaba.druid.sql.dialect.postgresql.ast.stmt.PGShowStatement) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlShowStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlShowStatement) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) SQLServerCommitStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerCommitStatement) SQLStartTransactionStatement(com.alibaba.druid.sql.ast.statement.SQLStartTransactionStatement) MySqlRenameTableStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlRenameTableStatement) SQLServerExecStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerExecStatement) OracleMultiInsertStatement(com.alibaba.druid.sql.dialect.oracle.ast.stmt.OracleMultiInsertStatement) MySqlLockTableStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLockTableStatement) MySqlSetCharSetStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement) MySqlHintStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlHintStatement) WallConfig(com.alibaba.druid.wall.WallConfig) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint) SQLServerSetStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerSetStatement) MySqlCommitStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlCommitStatement)

Example 35 with SQLStatement

use of com.alibaba.druid.sql.ast.SQLStatement in project druid by alibaba.

the class Bug_for_weizhi method test_for_issue.

public void test_for_issue() throws Exception {
    String sql = "insert into aaa values(1,2,'这是个反斜杠\\\\');";
    String expected = "INSERT INTO aaa\nVALUES (1, 2, '这是个反斜杠\\\\');";
    StringBuilder out = new StringBuilder();
    MySqlOutputVisitor visitor = new MySqlOutputVisitor(out);
    MySqlStatementParser parser = new MySqlStatementParser(sql);
    List<SQLStatement> statementList = parser.parseStatementList();
    for (SQLStatement statement : statementList) {
        statement.accept(visitor);
        visitor.print(";");
    }
    System.out.println(out.toString());
    Assert.assertEquals(expected, out.toString());
}
Also used : MySqlOutputVisitor(com.alibaba.druid.sql.dialect.mysql.visitor.MySqlOutputVisitor) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)

Aggregations

SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)1652 MySqlStatementParser (com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)915 SQLStatementParser (com.alibaba.druid.sql.parser.SQLStatementParser)431 MySqlSchemaStatVisitor (com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor)346 OracleStatementParser (com.alibaba.druid.sql.dialect.oracle.parser.OracleStatementParser)273 OracleSchemaStatVisitor (com.alibaba.druid.sql.dialect.oracle.visitor.OracleSchemaStatVisitor)254 Column (com.alibaba.druid.stat.TableStat.Column)122 PGSQLStatementParser (com.alibaba.druid.sql.dialect.postgresql.parser.PGSQLStatementParser)109 PGSchemaStatVisitor (com.alibaba.druid.sql.dialect.postgresql.visitor.PGSchemaStatVisitor)107 SQLServerStatementParser (com.alibaba.druid.sql.dialect.sqlserver.parser.SQLServerStatementParser)100 SchemaStatVisitor (com.alibaba.druid.sql.visitor.SchemaStatVisitor)67 MySqlOutputVisitor (com.alibaba.druid.sql.dialect.mysql.visitor.MySqlOutputVisitor)60 SQLServerSchemaStatVisitor (com.alibaba.druid.sql.dialect.sqlserver.visitor.SQLServerSchemaStatVisitor)46 OdpsStatementParser (com.alibaba.druid.sql.dialect.odps.parser.OdpsStatementParser)44 DB2SchemaStatVisitor (com.alibaba.druid.sql.dialect.db2.visitor.DB2SchemaStatVisitor)34 DB2StatementParser (com.alibaba.druid.sql.dialect.db2.parser.DB2StatementParser)33 Test (org.junit.Test)31 MysqlTest (com.alibaba.druid.sql.MysqlTest)29 ArrayList (java.util.ArrayList)29 SQLASTOutputVisitor (com.alibaba.druid.sql.visitor.SQLASTOutputVisitor)28
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial